You cannot be serious….

Green computer code on a black screen

…yes you can and you must be. But serious about what? About your passwords, that’s what. Like many others, I’ve been banging on about passwords for years and years and years. From a company that would put a new laptop on a desk for the user with the password on a post-it note attached to the lid to companies that shared passwords by email to people using easily guessable passwords the whole issue of password security is not going away.

And it’s causing major problems and financial loss.

In 2019, 80% of all data breaches which resulted in financial loss, were the result of compromised passwords whilst IBM have stated that the average cost of a data breach to businesses in 2020 was $3.86m so you can see stealing passwords (and other information) is big business.

But this post is not about the physical stupidities like leaving passwords lying around it’s about the passwords you and I use that are part and parcel of our day-to-day web access.

Every year a company called NordPass* evaluates the latest password data across 50 countries. They get this by examining a database of 4TB of data, all of these passwords have been nicked, stolen, and hacked. These security breaches are the result of hacking, phishing and other “nocturnal” cyber activities.

Passwords, credit card numbers, bank account details, usernames, dates of birth and other details are made available for sale on the Dark Web and this is where NordPass gets their seed data.

The Most Common Passwords 2021

And it seems that in 2021 little has changed. The most common passwords they found were

  1. 123456 (used a staggering 103 million times)
  2. 123456789 (46m uses)
  3. 12345 (33m uses)
  4. qwerty (22m uses)
  5. password (21m)
  6. 12345678 (15m)
  7. 111111 (13m)
  8. 123123 (10m)
  9. 1234567890 (10m)
  10. 1234567 (9m)

All of the above would be cracked in under one second. That’s how secure these passwords are

Apparently a “stunning” number like to use their own name – “Charlie” being the 9th most popular password in the UK whilst popular music acts and sports also have their own claim to fame. “Onedirection” being popular, along with “Liverpool” whilst in Canada “hockey” was the top sports related password and “dolphin” was number one amongst animal related passwords.

Hacker Inside

NordPass have mapped the data too and, according to their data 187,219,153 passwords have “leaked” from the UK, that’s an average of 2.785 passwords per capita.

How should you formulate your passwords?

Passwords should be 16 characters or more – a M1xture! of UPPER case, lower case, numbers and characters and should NOT be used for more than one account. They should not use ANY personal information, no address details, no phone numbers, no pets names in fact nothing that can be gleaned from social media and day to day interactions

Challenge to remember? You bet. Difficult to crack? Most certainly. According to How Secure is my Password 45Erp!VBN?1869y& will take 41 trillion years to crack.

I have over 250 passwords that I use so I have to use a Password Manager to store them. I use LastPass but many others are available, including NordPass’ own, and some are free. I suggest, though , that you use one that can synchronise across all of your devices, PCs, Macs, tablets, phones etc so that you always have your passwords with. A good Password Manager will not only store your passwords very securely but should also create secure passwords for you.

Go ahead and test your passwords using their secure tool.

I might not be a cyber security expert – but I know quite a bit and know some very good ones so if you need some help with your cyber security, your SEO or any other element of your online marketing activities then why not kick things off with a free consultancy session, drop me an email or just give me a call on 01793 238020 or 07966 547146.

In the meantime, be safe out here. The World Wide Web can be a dangerous place

*NordPass have a vested interest in password security – they sell a Password Manager

National Cyber Security Month

October is National Cyber Month.
What is National Cyber Security Month?

National Cyber Security Week

Threats of Cyber Crime from Cyber Criminals continue to increase and we all need to be increasingly alert and focussed on the threats, the impact they could have on our lives AND the things we can do to minimise the risk to ourselves and our businesses.

Red spot on code

National Cyber Security Month 2021 has the overarching theme “Do your part. #BeCyberSmart” and looks to empower individuals and businesses to own their role in protecting their part of cyberspace.

If we all do our part then we will all benefit from a safer place to live and be in a safer place to do business. Not only that but we’ll also be denying the cybercriminals the space they need to extort, employ fraud and generate the money they lust after.

How can we contribute?

We can all look to implement stronger/better security practices such as not clicking links in emails, not opening emails from people we don’t know or even opening emails we weren’t expecting. We can install security software on our phones, our tablets and our computers. We can use stronger passwords, and make sure we use unique passwords for EVERY application.

Each week, National Cyber Security Month will have a different focus, starting with Week 1 – Be Cyber Smart

Week 1, Starting October 4 – Be Cyber Smart

log on box

Our lives are increasingly intertwined with the internet and the World Wide Web. Pretty much all personal and business information is stored on internet connected platforms.

From banking to social media, from email to SMS, from phone and video calling to watching TV and listening to music and beyond.

The internet simplifies some areas of our lives and makes it more complex in others but the one, overarching common factor, is the need for a strong level of security to keep our data safe.

That’s why Week 1 of National Cyber Security Week focuses on the best security practices and “cyber hygiene” to keep our data safe, owning our role in Cyber Security and starting with the basics. That includes using unique, strong, passwords and making sure that we use multi-factor authentication (2FA) where it’s available, preferably avoiding SMS (text Message) authentication where possible.

Week 2, Starting October 11 – Fight the Phish – Trust No One

Phishing attacks, where emails and text messages are sent containing web links encouraging you to click the link, visit a website set up by cyber criminals and enter your user names and passwords are still on the increase. Why are they on the increase? Because they work. People see an email that purports to come from their bank, HMRC, DVLA, Post Office, BT etc. and are given a warning claiming that the recipient needs to do something NOW or they will be locked out of their account, will be arrested, won’t have an order delivered …. or one of many other ruses. You click the link and either have malicious software sent to your computer without your knowledge and approval or give away user names and passwords to cyber criminals, enabling them to access your personal accounts and to steal from you.

The X-Files mantra of “Trust No one” applies here. Any email that contains a request for such information should always be approached with caution and, if you have even a small inkling of concern, then simply open your web browser and visit the website of the sender to check out the veracity of the email.

Week 3, Starting October 18 – Explore, Experience, Share

Week three focuses on the National Initiative for Cyber Security Education (NICE), inspiring and promoting the exploration of careers in the cybersecurity sector. Whether you are a student or a veteran or seeking a career change, this week is all about the exciting, ever changing, field of cyber security, a rapidly growing business sector with something for everyone

Week 4, Starting October 25 – Cybersecurity First

The last week of National Cybersecurity Month looks at making security a priority. Actually taking a Cyber Security First approach to designing and building new products, developing new software, creating new Apps.

Red spot on code

Make Cyber Security Training a key part of onboarding when taking on new employees (and, at the other end, making sure that technology rights are revoked when people leave organisations).

Ensure that your employees are equipped with the cyber secure tools that they need for their jobs. If you practice a BYOD (Bring Your Own Device) policy, allowing employees to use their own phones, tablets and computers then you need to ensure that the cyber security deployed is as strong as that on equipment that you provide.

Before buying new kit, or signing up to a new service, do your research, check the security. Is it secure enough? Can it be made more secure? Can it be remotely wiped? Who has control? All of these questions, properly answered, will ramp up your cyber security defences and help keep the cyber crims at bay

When you set up new equipment, that new phone, tablet or laptop, I know it’s exciting but please invoke the Cyber Security first, don’t leave it until last – it might be too late. Make sure default passwords are replaced with something secure and lock down those privacy settings.

Cyber Security MUST NOT be an afterthought. If it is, you could find yourself paying the price

And if you need some help, you can always ask me. I might not know the answer but I know people in the Cyber Security industry that I can put you in touch with. Email andy@enterprise-oms.co.uk, phone/message me 07966 547146, call 01793 238020 or message me on Social Media and we’ll get it sorted.

New Password Guidance from the National Cyber Security Centre

POSTED ON  BY ANDY POULTON

15 years ago Bill Gates, yes that Bill Gates, predicted the death of the password, presuming that a much more secure alternative method of securing data be adopted, But it hasn’t and passwords are still the default method of securing access to data and systems.

And, with the rapid rise of Cloud Services, Smartphones, tablets and much greater use of the world wide web passwords are seen as an easily-implemented, low-cost security method that users have become familiar, and comfortable with.

Logging On

However, with the sound advice of using a different password at every instance that requires a password has lead to “password overload”, more so when the instruction is to make then increasingly complex to reduce the chance of password theft or accounts being hacked. This has lead to a small range of different strategies to remembering passwords. From writing them down in a “little black book”, saving them on a spreadsheet or using a password Manager [with over 300 passwords, the latter is my choice]

However, a lot of people develop a strategy that is simply based on incrementation. HardPassword1, HardPassword2 etc. The danger being that in a data breach, once your strategy is uncovered it’s just a matter of time before hackers gain access to a range of your accounts.

Recent advice from the UK’s National Cyber Security Centre (NCSC, based in London and part of the UK’s Cyber Security HQ at GCHQ) has suggested making passwords up simply from three random words. Their advice is to be creative and use words that are memorable to you – but not words that can be easily associated with you, such as

  • Your children’s names
  • Favourite Sports team
  • Current partners’ name
  • Names of other family members
  • Pet’s name
  • Place of Birth
  • Favourite Holiday
  • Etc

So, that makes it harder to think of 3 random words but I’ve got an idea. And it’s based on geography. Before you run away thinking I’m going to suggest capital cities, rivers or mountain ranges stay with me. I suggest using some places that are close to your heart, but randomised -by using the navigation app/website What Three Words.

What Three Words is able to define a precise location, down to a 3 metre square. Simply visit the What Three Words website, or install their free app on your phone and navigate to your favourite place. Here’s one of mine (not used for any of my passwords so I’m giving nothing away)

St Catherine’s By The Sea in Map View and Google Earth View

Whether you use the Map View or Google Earth type view, you’ll see the map is overlaid by little squares.

Now, just click on a square and it will be identified by three unique words, so you could click on the entrance to the church, for example, or even a grave stone in the grave yard and What Three Words will give you a code that is unique to that square.

I’ve clicked on the church door and the unique code is remarking however stubble. You could make it harder by adding hyphens, or a different symbol and perhaps capitalising Remarking-However&Stubble for example.

Now all you have to do is either remember your password or use a decent Password Manager -and there are many to choose from, and I’ve written about them in the past.

And PLEASE, if this applies to to you – STOP USING PASSWORD or 12345678 and use one of the above instead

If you need any help, please, just ask. You can reach me by phone – 01793 238020 – email – andy@enterprise-oms.co.uk or just hunt me down on Social Media.

How much did your last cup of coffee cost?

Cybercrime is everywhere these days, in 2020 cybercrime cost UK businesses an estimated £21Bn* with an estimated 40% of UK businesses being subjected to to some kind of cybercrime in the previous 12 months. So, how can you minimise the risk to YOUR business?

There’s lots of advice on passwords, I regularly write about them, and other security measures that you can take but did you know that even a trip to your favourite coffee shop could end up being far more expensive than the price you pay for your Triple Grande Decaf Soy Latte Macchiato and blueberry muffin.

Cup of coffee and coffee beansImagine the scene, you’re between meetings and decide to drop into your favourite coffee shop for a cup of coffee, a cake and to tap into their Wi-Fi to read your emails, refresh your knowledge in time for your next meeting or simply to surf the web.

Spoof Wi-Fi Hotspot
Sign fro free wifi hotspot
When you sit down and try to log-on to the Wi-Fi there’s frequently a selection of hot-spots to choose from. How do you know which is the free service provided by the venue and which is a spoof.

It’s very easy to set up a Wi-Fi hot-spot using a mobile phone, Mi-Fi type of device or laptop and allow other users to connect through this free connection. This means that all of the traffic can then be intercepted by the person providing the spoof account, what sort of important information is passed from your laptop through this connection? It could be your details to access your online banking, the log-in to your company network or the necessary information required to access your corporate email account.

Time for a comfort break

Laptop and cup of coffeeThen the urge hits, you look around and see that everybody seems respectable enough so you head off to the toilet thinking that your laptop is safe on the table. After all, nobody would nick in sight of all those customers, staff and CCTV cameras would they?

You’d be wrong. Laptop tracking service provider, Prey, found that areas offering free Wi-Fi were the second most common target for opportunistic laptop thefts, the only riskier place being left in a visible place in your car.

If stolen, it’s not only the inconvenience of replacing the laptop, reinstalling your applications and copying back your data [you do back-up your data don’t you?] it’s the additional costs that aren’t covered by your insurance.

The Ponemon Institute, a US cyber crime consultancy, put the real cost of the loss of a laptop and it’s data at nearly £31,000. This was broken down into £4,000 for the loss of Intellectual Property, forensics and legal bills adding around £1,500 with a staggering £24,500 attributable to the loss of income, customers and competitive advantage associated with a data breach

So, the next time you stop off for a cup of coffee and decide to log-on using their free Wi-Fi, just make sure you know which network that you’re connecting to and that you don’t leave your laptop unattended.

*Detica in partnership with the Office of Cyber Security and Information Security in the Cabinet Office Report, 2020

What is a “man in the middle” attack?

Believe it or not, this post was inspired after listening to an ad on the radio. I’ll let you know which one right at the end (if I remember)

Imagine the scenario. You’ve popped out to lunch and drop in to Costa/Starbucks/favourite coffee shop. Food’s on the way, your lovely Espresso/Cappuccino/Cortado/super sized hotta mocha choca machiato is in front of you and you realise that you’ve not replied to a very important email.

Free Wifi - made with Scrabble tiles

You get your phone out and remember that, despite all the fuss about 5G, your town hasn’t even sorted 4G but you’ve been here before and know the cafe has free Wi-Fi.

List of WiFi networks

You remember that the Wi-Fi’s called “Stephen’s Wi-Fi Network” so that people can find it easily. You search for it, find it and don’t worry that you log-in seamlessly although you do notice that the signal is a little stronger than normal.

You open the email app on your phone, find the mail that really needs the reply and peck one out on your phone’s keyboard, hoping that the message in your phone’s email signature, saying that this was sent from your iPhone, will help overcome your mistypes and slightly terse language.

You’ve still got some coffee left and it’s pay day so whilst sat down you decide to check your bank account to make sure your pay has gone in. It has, and you have more than you thought. Enough to buy that gift for your lovely partner. For security’s sake you haven’t stored your card details in your phone. Out comes your wallet and you add your card details to the order screen. Click “confirm” and the order’s on it’s way

As you get up to leave you spot the homeless looking chap in the corner. He’s got a really tatty looking laptop and you feel sorry for him, until you see he’s got a huge grin on his face – you walk on by and head back to the office.

At the end of the day and you’re shutting everything down when your phone rings. It’s your partner – you’re puzzled, they don’t normally call you at work

You answer and hear tears at the other end. They’ve been shopping, found a lovely winter coat and decided to buy it but their card, which is on a joint account with yours, was declined.

You are confused. When you checked the account at lunchtime there was more than enough to cover the cost of the gift you ordered and this coat………where did all the money go?

You log in to your account and it’s empty. You can see your gift order but have no clue what all the other transactions are, you’ve not ordered anything else – and neither has your partner.

The Man in the Middle

What’s happened is that you logged in to the wrong Wi-Fi network and your data has been stolen. No, it wasn’t the homeless looking chap it was the chap you never really paid attention too because he looked like a businessman. And he was, its just that his business was theft, theft of credit card details like yours.

He had set up his own Wi-Fi network using a portable hot-spot, hidden in his backpack and connected to his laptop AND the cafe’s network to provide the broadband. He’d given it a name that was so close to the one that you were used to that it was easy to log on to it, rather than the “real” one.

The cafe’s Wi-Fi was “Stephen’s Wi-Fi Network” and the “man in the middle’s was “Stephens Wi-Fi Network” so when you logged in, all your data flowed through his hotspot to the cafe’s Wi-Fi network and on to the internet. With his laptop he was able to access everything that passed from your phone through the hotspot, including your card details when you made your purchase and off shopping he went. 

How to avoid the man in the middle

Either be 100% certain that the network you are connecting to really is the network you want to connect to or avoid Wi-Fi hotspots like the plague. I do………unless there’s no other alternative. And in this scenario I only ever browse the web.

Passwords are not just for Christmas

Wow, what a year. One thing’s for certain, 2020 is one year that will never be forgotten. Covid, Lockdown, Furlough, words that have been added to the canon of speech this year. And, to cap it all, Christmas is just around the corner and the world is still full of massive levels of uncertainty.

Whether you are working from home, #WFH, working in an office or still out and about I know that as Christmas approaches the big wind-down starts to feature in our minds.

Nothing wrong with looking forwards to Christmas but it’s important that you don’t allow your Cyber Security guard to fall too.

Andy, checking out websites as part of his work

Why not? Simply because the hackers and cyber criminals won’t – if anything they’ll be upping their activity because they know that our minds will be on other things. In previous years we’d have been looking forward to Christmas Markets, Christmas parties, gifts, food, television and everything else that’s associated with the season of goodwill.

Our vigilance MUST remain high, both in the office and when working from home. Keep your eyes open for suspicious looking emails, especially those coming from unexpected quarters, with messages that promise much, such as tax refunds or deliveries of items you don’t remember ordering. Also beware of emails with links to websites that look OK but in reality will do harm.

It’s also a good idea to take a fresh look at your password security. Turkish researcher Ata Hakcil analysed more than 742m passwords that have been revealed in data breaches (hacks) that turned up on the Dark Web. Ata went on to make a worrying number of discoveries.

Of the 742m only 169m were unique which just goes to show how frequently we reuse passwords and how many passwords are used by a lot of people.

Worst passwords of 2020

Unfortunately, not a lot has changed over previous lists

1/ 123456 (same place as 2018 & 2019)
2/ 123456789 (up 1 place) (same as 2019)
3/ passwords (up one place on 2019)
4/ qwerty (a fall of one place on 2019)
5/ password (slips two places)
6/ 12345678 (up 1 on 2019)
7/ 123123 (a new entry)
8/ 111111 (up from No. 10 in 2019)
9/ 1234 (yes, I kid you not, 1234)
10/ 1234567890 (a new entry in this Top 10)

Disturbingly, at least 1 in 10 people have used at least one of these poor passwords – I hope you’re not one of them.

Data breaches are inevitable. To be as secure as possible you need to use strong, unique passwords for each individual account that you have. This makes the theft of one password much less of a disaster than if you use the same (or close variant) across all of your accounts.

What’s a Strong Password?

A strong password isn’t a word at all. The best ones are passphrases comprising of a random combination of words with 12 characters or more, using mixtures of alphanumeric, UPPER & lower case characters and symbols.

Think of a nonsense phrase, or even a line from your favourite song. Science Friction Burns My Fingers for example. Noe, run the words together, use hyphens, underscores and number substitution.

Sc13nce-fricti0nBurnsMy_Finger5%

That’s one password – you need a unique one for EVERY account that you have. Now, that’s a challenge to remember so you need a password manager. Because of my work, I have access to 789 accounts of one sort or another and I have 789 different passwords. Obvious there’s no way I could remember all of those – I struggle to remember 4 important ones which his why I use a password manager. Not only does it store all of my passwords in a safe place it also generates new, random, ones for me.

Top 10 Password Managers

There are loads of great password managers out there. I use LastPass because it was one of the first to integrate with my browser AND be available across all of my devices, desktop, laptop, Chromebook, phone and tablet.

TechRadar recently reviewed Password managers and their top 10 free and paid-for password managers is as follows

1/ Dashlane
2/ NordPass
3/ RoboForm
4/ 1Password
5/ LastPass
6/ Keeper
7/ BitWarden
8/ LogMeOnce
9/ mSecure
10/ ZohoVault

You can read TechRadar’s reviews here. And don’t forget, your web browser probably has a password manager built in and may even generate new ones for you but it may not synchronise across all of your devices

And PLEASE, if this applies to to you – STOP USING PASSWORD or 12345678 and use one of the above instead

Have a great Christmas, a happy new year and I look forward to communicating with you in the new year. If you need any help, please, just ask. You can reach me by phone – 01793 238020 – email – andy@enterprise-oms.co.uk or just hunt me down on Social Media.

Why would anyone want to hack my website?

log on boxWith the news that 30m credit and debit card details from US customers and over 1m sets of card details belonging to visitors to the US, have been put up for sale on the Dark Web following a malware attack against US convenience retailer Wawa I thought I’d take time out to explain why small businesses are just as at-risk from hacking as large organisations.

But first, let’s take a look of some of the major security breaches that occurred last year. According to Risk Based Security’s Data Breach Report there were 5,183 breaches by the end of September 2019 alone. These exposed more than 7.9 billion records. This was a 33.3% increase on the same period in 2018.

Here are some of the worst breaches.

  • Orvibo Smart home products – 2 billion records discovered on an unprotected database. These comprised of private individuals, hotels and businesses who were using Orvibo’s smart home devices. The data included email addresses, passwords, user names, family names and addresses.
  • Dream Market Breach – 617m online account details stolen from 16 hacked websites, including MyFitnessPal (151m). Data stolen included user names, passwords and email addresses.
  • Canva – 139m records stolen, names, user names, passwords, email addresses and location.
  • Capital One – 106m records hacked with names, addresses, credit scores, email addresses, dates of birth and more stolen.
  • Words with Friends – 218m records stolen, including names, email addresses, passwords, phone numbers and, where linked, Facebook ID info

However, these are just some of the ones that hit the headlines. Thousands don’t,  particularly attacks on smaller businesses. Research indicates that nearly 70% of SME’s experience cyber attacks (Ponemon State of SMB Cyber Security 2018) but why SMEs?

I talk to many people who believe their businesses are too small to have anything of value to the hackers. However, the truth is that they are too small to have a dedicated cyber security officer/specialist and so are easy targets.

Let’s take websites – most businesses use WordPress – over 1/3rd of websites use it. There’s nothing wrong with WordPress but, as the world’s most popular web development tool, it is also the hackers main target. (A bit like the way Windows is targeted compared to Apple’s operating system – its all in the number of targets)

WordPress is pretty secure and there are Plugins to make it more so BUT you have to keep everything up to date. Keep WordPress up to date, keep your plugins updated too because if you don’t you might be leaving holes in your security for the bad guys to exploit. 

But why would they?

  • Small companies are frequently connected to larger organisations and they might be a way in
  • Hacked systems can store illegal material
  • Hacked systems can be used in attacks on other websites (DDoS)
  • Hacked systems can host Malware
  • Hacked systems could provide access to valuable Intellectual Property
  • Hacked systems could provide easy access to other valuable data

Malware

Safer Internet DayImagine you have a reasonably popular website. Hackers will look to gain access to your site and plant malware on it that will automatically download (and install) itself on the computers of everyone who visits your website. The malware could allow the hackers to record the keystrokes of infected machines, could enable the hackers to take remote control of infected machines or turn them in to storage depots for illegal material.

Imagine how your reputation will suffer when this comes to light. 

  1. Keystroke recorders
    A keystroke recorder does what it says on the tin, it records every single keystroke made on a keyboard and secretly transmits it to a malicious 3rd party. This could be bank/card details, online shopping details, log-in user names and passwords, and much more
  2. Remote Control – DDoS (Distributed Denial of Service Attack)
    With the ability to remotely control your PC, and hundreds or thousands of others, malicious 3rd parties can “take down” target websites simply by overwhelming them with more web traffic than the website can cope with. Remember what happens to the Glastonbury website when the tickets are released – although not malicious the number of people desperate to get their tickets tend to bring the website to its knees as soon as tickets are made available

    Imagine a bookmakers website going off line a week before a major betting event. They’d be contacted by the Cyber Criminals who will admit responsibility. The bookmakers will then be told to “pay up” or their website will be blocked again, much closer to “big day” and prevent bets being placed.
  3. Illegal data storage
    Imagine the scene. There you are working in your office and there’s a battering ram through the door followed by police storming in with a warrant to take ALL of your computing devices. Your business will grind to a halt but why have you been targeted? Simples, as the meerkats say – the police have identified one or more of your computers/servers as the source of illegal material. This could be pirated software, music, films or worse. In the worst case scenario this information hits the local (and possibly national media) and your reputation is trashed. And you may not even have been at fault!
  4. GDPR
    Under all of the above scenarios you’ll probably have to report the matter to the Office of the Information Commissioner (ICO) under GDPR. After investigation, If your security and procedures are found wanting then you might be liable for a fine. GDPR states that fines can be up to 4% of your turnover, and that’s no laughing matter

How do I prevent this happening to me

No security system is 100% watertight, there are just too many variables and access points. The closer you get to 100% the more expensive it becomes to close those last few security percentage points. However, like home security, your job is to make sure that your security is as good as it can be so that the bad guys choose an easier target.

Get in touch with a good IT company or Cyber Security company or you could #AskAndy. Drop me an email – andy@enterprise-oms.co.uk or give me a call on 01793 238020 and we can start the ball rolling. I know that I’m not a security consultant but I know quite a bit and can always point you in the direction of a trusted third party if you need more help.

New Year – New Security Resolution

Tamara EcclestoneIn December last year Tamara Ecclestone’s London home was burgled and jewellery worth £50m was stolen.

Leaving aside the fact that this is a phenomenal sum of money to have invested in jewellery only to leave it “lying around” there are many rumours as to the particular timing of the heist.

Just a few hours before the robbery took place, Tamara and her husband shared a picture on Instagram of them boarding a private jet.

As a billionairess it’s no doubt that people of a dubious background will have been watching her social media updates hoping for just such an opportunity. They will have lists of targets, important addresses and social media accounts and probably even have plans in place, ready for execution as soon as an opportunity presents itself.

So, think about the pictures you post to Social Media. What do they give away? All those photos of you sunning yourself on a beach somewhere warm and exotic tells near do wells that you are not at home. Photos of road trips tell people that you are not at home, or in your business.

You even need to make sure that there’s nothing in the background of the picture that can be zoomed in to that might give away something you’d rather kept private. An innocent looking photo taken outside of your house could, if zoomed in, give away your house number whilst previous, or subsequent pictures could give away your street name – for example.

If you are going away, and you are an important cog in your business, it could encourage scammers to target employees with fake emails requesting money transfers, payment of fake bills and invoices etc.

log on boxSo why not make 2020 the year you strengthen your security fortifications. Make a start with passwords and email.

  • Conduct a password audit of everything AND everybody involved in your business.
  • Enforce the use of strong passwords and encourage the use of password managers
  • Make sure that you have a strong email policy in place.
  • Educate yourself and your employees on the tricks used by scammers-
    • how to check whether a link in an email takes the clicker to a safe site or not
      Hint – hover your cursor over the link to see the full web address
    • Ensure that the email comes from a trusted address. Is it from mycompany.co.uk or mycompany.co or myc0mpany.co.uk for example?
      hint – hover your cursor over the address or just hit “reply”
    • Are there any obvious spelling or grammatical errors?
    • Would you be expecting an email from this particular source?
    • Does the email express an urgent response?

Don’t forget that people new to your organisation should also receive the same level of training. Always remember that “if it feels to good to be true” then it probably is

And if you are still unsure, look up the phone number for the company that you think the email is from and give them a call – don’t rely on the phone number that’s displayed within the potential scam email.

Watch out for more emails looking at security issues and if you have any concerns, please don’t hesitate to get in touch for an informal chat by email (andy@enterprise-oms.co.uk) by phone (01793 238020) or ask me on Social Media – Linkedin or Twitter and I’ll be only too happy to talk.

Thanks for reading and I hope you have a great, and secure 2020.

 

 

Christmas is coming, don’t let the hackers get fat

Christmas is nearly here, people are beginning the big “wind down” and it would be so easy to let your guard down too.

Andy, checking out websites as part of his workWell, let me tell you, the hackers and cyber criminals won’t – if anything they’ll be ratcheting up their activity because they know that our minds will be on other things.

You know, things like Christmas parties, gifts, food, television and everything else that’s associated with the season of goodwill.

So, vigilance must remain high, both in the office and when working from home. Keep your eyes open for suspicious looking emails, especially those coming from unexpected quarters, with messages that promise much, such as tax refunds or deliveries of items you don’t remember ordering. Also beware of emails with links to websites that look OK but in reality will do harm.

It’s also a good idea to take a fresh look at your password security. SplashData have just released their ninth annual “Worst Passwords of the Year” list which has been compiled from more than 5m passwords that have ended up on the Dark Web after being purloined by hackers.

Unfortunately, not a lot has changed over previous lists

  1. 123456 (same place as 2018)
  2. 123456789 (up 1 place)
  3. qwerty (a return to the top 5 for this old favourite)
  4. password (slips two places)
  5. 1234567 (up 2)
  6. 12345678 (falls out of the top 5)
  7. 12345 (falls by 2 places)
  8. iloveyou (this perennial is up 2 places from 10 in 2018)
  9. 111111 (yes, people do use this although it’s fallen 3 places from last year)
  10. abc123 (up 7 and breaking in to the top 10)

You can see passwords from 11 to 25 here.

SplashData estimates that at least 1 in 10 people have used at least one of these poor passwords.

Data breaches are inevitable but by using strong, unique passwords for each individual account that you have makes the theft of one password much less of a disaster than if you use the same (or close variant) across all of your accounts.

3 simple tips to make your digital life more secure

  1. Use passphrases (random word combinations) of 12 characters or more with mixed character types
  2. Use a different password for each of your log-ins so if you loose one password you haven’t lost all of the keys to your digital empire
  3. Use a password manager to secure your digital assets, to generate random password combinations, store them securely and make them available across all of your devices

And PLEASE, if this applies to to you – STOP USING PASSWORD or 12345678 and use one of these instead

Top Password Managers (in no particular order)

Have a great Christmas, a happy new year and I look forward to communicating with you in the new year. If you need any help, please, just ask. You can reach me by phone – 01793 238020 – email – andy@enterprise-oms.co.uk or just hunt me down on Social Media.

However, I hope to enjoy Christmas too so may be slower than normal in responding to your requests. I’ll be back in the office on January 2nd.

How secure is your password?

Government Communications Head Quarters (GCHQ) – where the UK spooks provide signals intelligence to the UK’s government, military and Military Intelligence and the Department for Digital, Media and Sport (DCMS) carried out their first UK Cyber Survey and the results didn’t make for great reading.

Apparently

  • 42% of us Brits expect to lose money to on-line fraud
  • 23.2 million worldwide victims of cyber breaches used 123456 as their password
  • 15% say they know how to properly protect themselves from harmful on-line activity
  • 33% rely on friends and family for help with their cyber security
  • Young people are the most likely to be cyber aware, privacy concious and careful of the details they share on-line
  • 61% of internet users check Social Media daily, 21% say they never look at it
  • More than 50% use the same password for their email that they use elsewhere
Hacker Inside

Dr Ian Levy, NCSC Technical Director said “Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.” whilst Margot James, DMCS Minister said “We shouldn’t make their (cyber criminals) lives easy so choosing a strong and separate password for your email account is a great practical step. “

Most Regularly Used Passwords

RankPasswordTimes UsedPasswordTimes Used
1.123456 23.2mashley432,276
2.1237567897.7mmichael425,291
3.qwerty3.8mdaniel368,227
4.password3.6mjessica324,125
5.11111113.1mcharlie308,939

It’s a shame that the top password list hasn’t really changed for at least 10 years – it shows how complacent a lot of us are with our on-line security.

I used to have 3 passwords, a simple one that I used really casually for newspaper sign-ups etc – name123 (not my real passwords, merely examples) a medium security one that I used on shopping sites, n@m3123 and a more secure one, used for banking etc – c3ler0n! (and all of the ones that I used feature on the Have I Been Pwned list).

log on box

About 5 or more years ago I switched to a Password Manager. I have 801 log-ins and 801 different passwords. All of them are at least 16 random characters long and comprise upper & lower case letters, numbers and symbols (where permitted).

My Password database is stored securely in the cloud and is replicated on my PC, Phone and Tablet and accessible from my Chromebook too. I use LastPass but others exist and here’s a review of some of the top ones.

As you can see, I do my best to stay on top of my security but if you feel adrift, or need some help, just give me a call on 01793 238020 or email andy@enterprise-oms.co.uk for a free chat.